Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
CommunicationsFilter.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2017-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Collections;
24 import java.util.HashSet;
25 import java.util.List;
26 import java.util.Set;
27 import java.util.logging.Level;
28 import java.util.logging.Logger;
29 
33 final public class CommunicationsFilter {
34 
38  private final List<SubFilter> andFilters;
39 
44  this(Collections.<SubFilter>emptyList());
45  }
46 
47  CommunicationsFilter(List<? extends SubFilter> andSubFilters) {
48  this.andFilters = new ArrayList<SubFilter>(andSubFilters);
49  }
50 
60  public List<SubFilter> getAndFilters() {
61  return Collections.unmodifiableList(andFilters);
62  }
63 
70  public void addAndFilter(SubFilter subFilter) {
71  andFilters.add(subFilter);
72  }
73 
77  public static abstract class SubFilter {
78 
84  public abstract String getDescription();
85 
93  abstract String getSQL(CommunicationsManager commsManager);
94  }
95 
100  final public static class RelationshipTypeFilter extends SubFilter {
101 
102  private final Set<Relationship.Type> relationshipTypes;
103 
109  public RelationshipTypeFilter(Collection<Relationship.Type> relationshipTypes) {
110  this.relationshipTypes = new HashSet<Relationship.Type>(relationshipTypes);
111  }
112 
113  @Override
114  public String getDescription() {
115  return "Filters relationships by relationship type.";
116  }
117 
125  @Override
126  public String getSQL(CommunicationsManager commsManager) {
127  if (relationshipTypes.isEmpty()) {
128  return "";
129  }
130 
131  List<Integer> relationShipTypeIds = new ArrayList<Integer>();
132  for (Relationship.Type relType : relationshipTypes) {
133  relationShipTypeIds.add(relType.getTypeID());
134  }
135  return " relationships.relationship_type IN ( "
136  + CommManagerSqlStringUtils.buildCSVString(relationShipTypeIds) + " )";
137  }
138  }
139 
143  final public static class DateRangeFilter extends SubFilter {
144 
145  private final long startDate;
146  private final long endDate;
147  private static final long SECS_PER_DAY = 86400;
148 
155  public DateRangeFilter(long startDate, long endDate) {
156  this.startDate = startDate;
157  // Add a day to end date to make it inclusive in the range
158  if (endDate > 0) {
159  this.endDate = endDate + SECS_PER_DAY;
160  } else {
161  this.endDate = endDate;
162  }
163  }
164 
170  public long getStartDate() {
171  return startDate;
172  }
173 
178  public long getEndDate() {
179  return endDate;
180  }
181 
182  @Override
183  public String getDescription() {
184  return "Filters communications by date range.";
185  }
186 
194  @Override
195  public String getSQL(CommunicationsManager commsManager) {
196  if ((0 == startDate) && (0 == endDate)) {
197  return "";
198  }
199  String sql = "";
200  if (startDate > 0) {
201  sql = "(" + " relationships.date_time IS NULL OR relationships.date_time >= " + startDate + ")";
202  }
203  if (endDate > 0) {
204  if (!sql.isEmpty()) {
205  sql += " AND ";
206  }
207  sql += "(" + " relationships.date_time IS NULL OR relationships.date_time < " + endDate + ")";
208  }
209  return sql;
210  }
211  }
212 
217  final public static class AccountTypeFilter extends SubFilter {
218 
219  private final Set<Account.Type> accountTypes;
220 
226  public AccountTypeFilter(Collection<Account.Type> accountTypes) {
227  super();
228  this.accountTypes = new HashSet<Account.Type>(accountTypes);
229  }
230 
236  public Set<Account.Type> getAccountTypes() {
237  return accountTypes;
238  }
239 
240  @Override
241  public String getDescription() {
242  return "Filters accounts and relationships by account type.";
243  }
244 
252  @Override
253  public String getSQL(CommunicationsManager commsManager) {
254  if (accountTypes.isEmpty()) {
255  return "";
256  }
257 
258  List<Integer> type_ids = new ArrayList<>();
259  for (Account.Type accountType : accountTypes) {
260  type_ids.add(commsManager.getAccountTypeId(accountType));
261  }
262  String account_type_ids_list = CommManagerSqlStringUtils.buildCSVString(type_ids);
263  return " account_types.account_type_id IN ( " + account_type_ids_list + " )";
264  }
265  }
266 
271  final public static class DeviceFilter extends SubFilter {
272 
273  private final Set<String> deviceIds;
274 
280  public DeviceFilter(Collection<String> deviceIds) {
281  super();
282  this.deviceIds = new HashSet<String>(deviceIds);
283  }
284 
285  @Override
286  public String getDescription() {
287  return "Filters accounts and relationships by device id.";
288  }
289 
295  public Collection<String> getDevices() {
296  return deviceIds;
297  }
298 
306  @Override
307  public String getSQL(CommunicationsManager commsManager) {
308  if (deviceIds.isEmpty()) {
309  return "";
310  }
311  String sql = "";
312  List<Long> ds_ids = new ArrayList<Long>();
313  for (String deviceId : deviceIds) {
314  try {
315  ds_ids.addAll(commsManager.getSleuthkitCase().getDataSourceObjIds(deviceId));
316  } catch (TskCoreException ex) {
317  Logger.getLogger(DeviceFilter.class.getName()).log(Level.WARNING, "failed to get datasource object ids for deviceId", ex);
318  }
319  }
320  String datasource_obj_ids_list = CommManagerSqlStringUtils.buildCSVString(ds_ids);
321  if (!datasource_obj_ids_list.isEmpty()) {
322  sql = " relationships.data_source_obj_id IN ( " + datasource_obj_ids_list + " )";
323  }
324  return sql;
325  }
326  }
327 
331  final public static class MostRecentFilter extends SubFilter {
332  private final int limit;
333 
340  public MostRecentFilter(int limit) {
341  super();
342  this.limit = limit;
343  }
344 
350  public int getLimit() {
351  return limit;
352  }
353 
354  @Override
355  public String getDescription() {
356  return "Filters accounts and relationships by the most recent given relationships.";
357  }
358 
359  @Override
360  String getSQL(CommunicationsManager commsManager) {
361  if(limit > 0) {
362  return "ORDER BY relationships.date_time DESC LIMIT " + limit;
363  } else {
364  return "";
365  }
366  }
367  }
368 }
RelationshipTypeFilter(Collection< Relationship.Type > relationshipTypes)

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.